Improving the Ecosystem: Disclosing KeepKey’s PIN Vulnerability

In the world of cryptocurrencies, we all have a responsibility to ensure the highest level of security for these valuable assets. Our main goal at Ledger is to provide this for our own devices. However, we equally try to do our part in elevating the overall level of security for the entire cryptocurrency market.

Our Shared Responsibility

We all have a shared responsibility in keeping the cryptocurrency ecosystem secure. When a major hack or theft takes place, it affects everyone who participates in the cryptocurrency market. In order to push crypto adoption and gain the trust of critics, the security level in the market needs to continuously be challenged and increased.

In our aim to establish the highest security standard, our team of world-class security experts first and foremost try to break into our own devices and enhance the level of protection that Ledger devices bring. As a secondary objective, we also review the security of other actors in the cryptosphere to help elevate their level of security as well. Naturally, this is disclosed responsibly to allow the vendors time to fix the vulnerability. This has previously resulted in several companies in the cryptocurrency market such as Ellipal and HTC to have patched vulnerabilities and enhanced the security of their devices.

Unfortunately, however, if a fix for a vulnerability is not found, we do carry the burden of having to inform users of potential risks. By informing them, they can follow certain best practices to prevent becoming a victim of theft. Equally, it could limit the amount of potential victims.

The Vulnerability

While indeed KeepKey devices are equally vulnerable to recovery phrase extraction in a similar fashion as Trezor, in this article we’ll be instead focusing on a different vulnerability concerning PIN verification.

Before getting into it, do be reassured that it concerns a physical vulnerability. ShapeShift, the company behind KeepKey, has stated in a response that “KeepKey’s job is to protect your keys against remote attacks”. That’s fair, and indeed this is still the case to our knowledge.

That said, we do have to conclude that aside from the recovery phrase being vulnerable to extraction, it is equally possible to extract a KeepKey’s PIN code through a physical vulnerability. This means that if someone manages to take your device, they could unlock your device without needing your PIN code. 

The Details

The following explanation of this vulnerability is a more simplified version. You can find the Donjon’s full work with high-level technical details in this article. That said, hold onto your hats, the following part will still get a tad bit technical.

The type of attack used for this vulnerability is called a Side Channel Attack. This is an attack path that requires physical access to your device. In a nutshell, Side Channel Attacks look at physical changes based on the action the device is trying to process. For example, entering the number 9 for your PIN code might give a different voltage output on a specific circuit versus entering the number 4.

For the analysis part, the Donjon team has used their self-developed Lascar. This highly advanced tool is used to analyse the code that is running on the chip. Then for the actual Side Channel Attack, the Donjon team connected the KeepKey device to their equally self-created evaluation board called Scaffold. Both of these expertly designed tools are completely open-sourced.

The PIN number is cryptographically mixed with secret data stored inside KeepKey’s memory. For each secret value, the voltage inside the KeepKey’s chip differs. Having tested each possible secret data multiple times, the Donjon team was able to establish a database that shows how each of these secret values compares to its voltage output.

After this, the database can be used to recover the secret data of any KeepKey device. One can connect the KeepKey device to read the chip’s voltage and compare the output to that of the database. This secret data can then be used to reliably recover the PIN code.

The Workaround

Thankfully, ShapeShift was able to enhance KeepKey’s security and has since released firmware version 6.4.1, which has patched this vulnerability. So long as you have updated your KeepKey’s firmware, you should be fine in regards to the PIN extraction vulnerability. 

Equally if using an older firmware version, there are still two things that you can do. Firstly, you could make sure that your KeepKey device is out of anyone’s reach at all times. Physical attacks can simply not be performed if no one has access to your device. For another, using a strong passphrase (preferably over 37 characters) is recommended. This way, even if one were to unlock your KeepKey hardware wallet, they’d still not be able to access the cryptocurrencies secured behind the passphrase.

Unfortunately, entering the passphrase is done in a similar fashion as the Trezor One: it’s entered through a computer. This means that if your computer is compromised, an attacker could spy on you entering your passphrase. 

At any rate, it does provide additional security to protect against physical attacks on your KeepKey device, so it is recommended to use a passphrase. This equally helps protect the assets on your KeepKey further against the recovery phrase extraction vulnerability. While the recovery phrase extraction vulnerability seems to be completely unfixable, the PIN code Side Channel Attack vulnerability has thankfully since been fixed in the latest firmware version.